A malware defeating a Sandbox, a VM and an AV - Case Study
<blockquote data-quote="ForgottenSeer 823865" data-source="post: 860260"><p>To be honest, for testing, nothing is better than a real system. You can find refurbished machines very cheap.</p><p></p><p>About jumping to the host, there are some exit routes for the malware like memory bug corruption, TCP/IP, if the host memory space is accessing the guest one, etc...</p><p>Note that full software virtualization is more susceptible to escapes, the reason I never recommended using light virtualization for malware testing.</p><p></p><p>As I pointed out above, networking between host and guests is another exit route, as well as some VM tools/features made for host-guest intercommunications.</p><p></p><p>And of course, dedicated exploits are possible like the old Cloudburst.</p><p></p><p>Even if all those situations are uncommon, they still exist, hence if you are really serious about malware testing, investing some bucks in a spare machine is way more efficient than any VM.</p></blockquote><p></p>